Gergely Kalman

Member since July 5, 2012

Hungary

With a background in IT-Security, Gergely has worked as Lead Developer for an Alexa Top 50 website serving several million unique visitors each month. He is a diligent and motivated worker who likes to dive in and get things done.

Provided consultation and architectural help for Lalibco, which processed more than $500.000 daily for an Alexa top 50 website. Several bugs and security holes were uncovered in their systems. I prepared it for the PCI-DSS audit, which it passed successfully.

Online Payment Architect, PCI-DSS Consultant (Other amazing things)

Helped design Escalion's (Lalib's successor) system architecture from networking to services to policies and procedures. Advised on secure software practices and developed policies and procedures to keep cardholder data secure. Escalion passed the PCI-DSS test and took over Lalib's transactions, which were around $500.000 each day.

For all too many companies, it's not until after a breach has occurred that security becomes a priority. An effective approach to IT security must, by definition, be proactive and defensive. This post focuses on 10 common and significant web-related IT security pitfalls to be aware of, including recommendations on how they can be avoided.

A potentially critical problem, nicknamed "Heartbleed", has surfaced in the widely used OpenSSL cryptographic library. The vulnerability is particularly dangerous in that potentially critical data can be leaked and the attack leaves no trace.
As a user, chances are that sites you frequent regularly are affected and your data may have been compromised. As a developer or sys admin, sites or servers you're responsible for are likely to have been affected.
Here are the key facts you need to know about this dangerous bug and how to mitigate your vulnerability.

With a Filter Bypass and Some Hexadecimal, Hacked Credit Card Numbers Are Still, Still Google-able (Publication)

In 2007, Bennett Haselton revealed a minor hack with major implications: querying ranges of numbers on Google would return pages of sensitive information, including Credit Card numbers, Social Security numbers, and more. While Haselton's hack was addressed and patched, I was able to tweak his original technique to bypass Google's filter and return the same old dangerous results.

How I Made Porn 20x More Efficient with Python Video Streaming (Publication)

Porn is a big industry. There aren’t many sites on the Internet that can rival the traffic of its biggest players.
And juggling this immense traffic is tough. To make things even harder, much of the content served from porn sites is made up of low latency live streams rather than simple static video content. But for all of the challenges involved, rarely have I read about the developers who take them on. So I decided to write about my own experience on the job.